You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Alexander Rojas (JIRA)" <ji...@apache.org> on 2017/04/24 13:09:04 UTC

[jira] [Created] (MESOS-7415) Add authorization to master's operator maintenance API in v0 and v1

Alexander Rojas created MESOS-7415:
--------------------------------------

             Summary: Add authorization to master's operator maintenance API in v0 and v1
                 Key: MESOS-7415
                 URL: https://issues.apache.org/jira/browse/MESOS-7415
             Project: Mesos
          Issue Type: Task
          Components: c++ api, HTTP API, master
            Reporter: Alexander Rojas


None of the maintenance primitives in either API v0 or API v1 have any kind of authorization, which allows any user with valid credentials to do things such as shutting down a machine, schedule time off on an agent, modify maintenance schedule, etc.

The authorization support needs to be added to the v0 endpoints:

* {{/master/machine/up}}
* {{/master/machine/down}}
* {{/master/maintenance/schedule}}
* {{/master/maintenance/status}}

as well as to the v1 calls:

* {{GET_MAINTENANCE_STATUS}}
* {{GET_MAINTENANCE_SCHEDULE}}
* {{UPDATE_MAINTENANCE_SCHEDULE}}
* {{START_MAINTENANCE}}
* {{STOP_MAINTENANCE}}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)